Download SecureDBaaS Architecture For Encrypted Cloud Database

International Journal of Computer Application (2250-1797)
Volume 5– No. 4, June2015
SecureDBaaS Architecture For Encrypted Cloud Database
VIJAYALAXMI JOSHI
SWATHI PATIL
M.Tech Student
Department Of Computer Science And Engineering
Assistant Professor
Department Of Computer Science And Engineering
LingarajAppa Engineering College, Bidar
LingarajAppa Engineering College, Bidar
Email Id:[email protected]
Email Id: [email protected]
ABSTRACT
Quick growth in communications, storage and processing information allow us to move all data into some remote place.
Data management systems activated by automated traditional tasks such as keeping record of business transactions. This
data involved mainly of numeric and characteristics. Cloud is not a particular product; it is a simpletechnique of
delivering IT services based on demand, adaptable to rescale as required based pay-as-use model. Cloud computing
becomes popular because of its delivery of flexible access to the cloud data storage. The cloud data storage capacity
allows users to access and extract the sensitive information whenever they require.
The storage and access of data through the third party server or proxy server increases the load of the users this leads to a
memory and time complexity. Storing and accessing data through the cloud server or proxy server will arisesecurity
issue. This concludes occurs cloud servers are not fully trustable.Some existing storage services provide security of
stored data, while data confidentiality for the database as a service model is still not fully formed. In this paper we
propose a different architecture that takes part cloud database services with confidentiality of data and the opportunity of
performing parallel operations on encrypted data. This architecture supports physically scattered clients which are
directly connected to an encrypted cloud database, and to perform concurrent and independent operations such read,
write and modify the database structure. This paper proposed architecture eliminates intermediate proxy servers that limit
the availability, elasticity, and scalability properties cloud-based solutions.
Key words: confidentiality, SecureDBaaS, proxy-server, cloud
I.
INTRODUCTION
Now a day's information is more and moreimportant in everyone daily life. All are turn out to be information
dependent, so living in an on command, on demand world. They try to store information where it has portable.
Individuals need data when and where it is required. To make it possible, this information needs to be uploaded to central
data repositories through network. Organizations are also be influenced by on fast and reliable access to information. The
increase in dependence of businesses and an individual on information has enlarged the challenges in storing, protecting
and managing data. Organizations usually maintain one or more data centers to store and manage information.
A Cloud computing provide solution for this data storage issue, as Database-as-a-Service. Those businesses that
store data in the cloud typically use primitive file storage systems rather than databases.A database accessible to clients
from the cloud and delivered to users on demand through the internet from a cloud database provider's servers is referred
as Database-as-a-Service (DBaaS), cloud databases can use cloud computing to achieve enhanced scaling, high
availability, multi-tenancy and effective resource allocation DBaaS that managed by a cloud operator that support
application without DBA.
50
International Journal of Computer Application (2250-1797)
Volume 5– No. 4, June2015
Cloud computing is a tool that offers enormous benefits to its subscribers. As it is a tool, it comes with its set of
issues. The major concern is security and privacy in cloud. Two main issues exist with security and privacy aspects of
Cloud Computing: loss of control over data and dependence on the Cloud Computing provider.A cloud is remote based
infrastructure, an organization place private data and information at cloud. That might be sensitive and confidential. It is
then depends on the cloud service provider to manage, protect them. An organization’s existence might be in danger, so
therefore all doable alternatives should be explored before a decision.There are many solution for ensuring
confidentiality to storage as service(). For DBaaS is still in research. Ensuring an adequate level of protection to
databases' content is therefore an essential part of any comprehensive security program. Database encryption is a timehonored technique that introduces an additional layer to conventional network and application-level security solutions,
preventing exposure of sensitive information even if the database server is compromised.
In this perspective we proposed architecture as a SecureDBaaS for the cloud database. This has a same advantage
as DBaaS such as scalability, availability and reliability without revealing data to cloud provider. The architecture design
is driven by the numerous independent clients to perform the operations on the encrypted data by the SQL statements,
which can modify the database structure. The propose architecture has the property of executing the independent and
parallel operations to the remote encrypted database from any geographically located clients. In the proposed system we
eliminated intermediate proxy between the client and the cloud provider. Even after eliminating intermediate proxy we
can accomplish the same elasticity, availability and reliability of the DBaaS in cloud.
II.
LITERATURE REVIEW
A.Advancement of cloud storage
Rapid growth in information and the need to preserve it safety of data will require organizations to integrate how
they manage and use their data, from design to end of existence. Now all data can be stored in the internet storage space
that is cyberspace. These storages space are delivered and retained by the third party through the Internet [2]. Cloud
storage deals with large storage which is available for use, with three major attributes: accessing datathrough Web
services APIs on a non-persistent network connection, highly availablehuge quantity of storage space, and pay as per use
model. It supports rapid scalability [2]. The evolution of Cloud Storage based on traditional network storage and hosted
storage. One of the advantages of cloud storage is the access of your data anytime from anywhere.
Figure 1: Simple Cloud Storage
Cloud storage providers bring storage varying from small amount of data to entire warehouse of an organization. User
has to pay to cloud storage provider for utilization of cloud storage. The payment for usage is according for what
resources they are using and how much data they are transmitting to the cloud storage. In the cloud storage environment
the user data will be copied into on cloud data center of the cloud. This data remain in data servers that made available on
the cloud. This synchronization between data center will be result in high availability of the data server on cloud. Cloud
storage is an offering of cloud computing. Fig. 2 [2] shows the evolution of Cloud Storage based on traditional network
storage and hosted storage.
51
International Journal of Computer Application (2250-1797)
Volume 5– No. 4, June2015
Figure 2: Cloud Storage Evaluation
Network Storage: Network storage is a unit, where computer connected to a network that provides data storage to other
devices on the network. Network storage is only file-based data storage services. It may technically possible to run
additional software on network storage unit. This is not designed to be a general purpose server Network storage unit
does not need any full-featured operating system, so it uses stripped-down operating system frequently. Network storage
uses protocols such as NFS , SMB/CIFS (Server Message Block/Common Internet File System), AFP (used with Apple
Macintosh computers). Network storage does not units limit clients to a single protocol.
Hosted Storage: A hosted storage is same as network storage along with introduce a gateway between traditional storage
and application. Cloud storage gateways use standard network protocols which integrate with existing applications.
Cloud storage gateways can also serve as intermediaries to multiple cloud storage providers. Some cloud storage
gateways also include additional storage features such as backup and recovery
B. Security in cloud storage
A security issue over cloud storage is definitely one of the major concerns that many organization are trying to
identify. In cloud storage data is placed at third party. A sensitive data in fully controlled by cloud serviceprovider. A
cloud provider ensures a security such as allowing only authorized user can access the information in cloud.
An
organization has a sensitive data and cloud provider is curies. an organization’s data might be in danger.
Similarly, privacy in the cloud is another major issue.Organizations and users have to trust their cloud service
provider. That they are providing confidentiality of data from unauthorized users. Data placed by organizationin cloud is
every so often stored in plain text. A recent report by the Cloud Security Alliance lists data leakage and dada lose as
security concerns in the cloud storage.Organization can be thought responsible for the loss of critical data and may face
heavy fines over data breaches. To lose data security practices also harm on a personal level. Lost or stolen medical
records, credit card numbers or bank information may cause emotional and financial ruin. Sensitive data stored within
cloud environments must be safeguarded to protect its owners.
C. RELATED WORK
There are many existing technology such Cryptographic file systems and secure storage that will assurance
security of the data in cloud. This integrates data which will be stored on untrusted cloud. DBMS engines offers
52
International Journal of Computer Application (2250-1797)
Volume 5– No. 4, June2015
encryption of data using Transparent Data Encryption (TDE) [3]. This TDE make possible to build a trusted DBMS over
untrusted cloud storage using this technique. But, in the DBaaS context the DBMS engine is not trusted because it is
controlled by the cloud provider; hence the TDE approach is not suitable for the cloud database services. This approach
preserves data confidentiality in scenarios where the DBMS is not trusted. However it requires a modified DBMS engine
that is not compatible with commercial and open source DBMS software adopted by cloud providers. On the other hand,
the we proposed architecture is compatible with standard DBMS engines, and allows customers to make a secure cloud
database by leveraging cloud DBaaS readily available. The proposal in [3] uses encryption to control accesses to
encrypted data stored in a cloud database. This solution is not applicable to usage contexts in which the structure of the
database changes, and does not support concurrent accesses from multiple clients possibly distributed on a geographical
scale
The following are three types of architectures that are defined to preserve the confidentiality of data in cloud

Proxy server based architecture(PSB)
The proxy- server based architectures [5] shown in figure.3 [5] has an intermediate server for encryption and
decryption of data. The proxy is a bottleneck and a single-point-of-failure.This limitsthe availability, scalability and
elasticity of the cloud database as a service. Another consideration of this architecture is the proxy must be trusted. It
cannot be subcontracted to the cloud and it has to be organized and maintained locally. Moreover, proxy-based
architectures cannot scale inconsequentially by increasing the number of proxies. Such a naive solution would imply the
replication of metadata among all the proxies, but this would require synchronization algorithms and protocols to
guarantee consistency among all the proxies.
Figure 3: PBS Architecture

proxy server less architecture with distributed metadata (PSL-DM)
The Proxy server less architecture does not contain any intermediate proxy. By that it try to solve single point failure
of PSB architecture. PLS-DM stores metadata in the clients [4]. It distributes metadata among the clients so the clients
can connect directly to the cloud database. This architecture provides availability, scalability and elasticity. Each client
has its own encryption engine. encrypts the data at client and manages a local copy of metadata. Connect directly to
cloud database and store encrypted data. This architecture is differing byPSB by deployingproxy within each client. This
architecture for cloud accesses would suffer from the same consistency issues as PSB when multiple clients access same
database simultaneously.
53
International Journal of Computer Application (2250-1797)
Volume 5– No. 4, June2015
Figure 4: PLS-DM Architecture

proxy server less architecture with metadata in cloud database (PSL-CD)
The third architecture is proxy server less architectures [6] shown in Fig. 5[6] it tried to eliminate inconsistency
problem of PLS-DM architecture. The PLS-DM stored a metadata at client side. When multiple clients access data
concurrently, metadata inconsistency occurred. To overcome this problem PLS-CD stores metadata in the cloud
database. In this the metadata is stored to the cloud database, the multiple and independent clients access the required
metadata and the encryption engine is executed by each client. In this architecture there is no need of synchronization
among the clients because metadata stored at cloud. Client machines execute a client software component that allows a
client to connect and issue queries directly to the cloud DBaaS. This software component retrieves the necessary
metadata from the untrusted database through SQL statements and makes them available to the encryption engine at the
client. Multiple clients can access the untrusted cloud database independently, with high availability, scalability and
elasticity. The drawback of this architecture is bottleneck and the single point of failure.
Figure 5: PSL-CD Architecture
III.
SYSTEM ARCHITECTURE
Providing confidentiality is very much difficult in electronic world where individuals, devices, and sensors are
connected and information is created, accessed and shared widely with one another. To ensure the clientssafety,
governments in addition came up with authentic measures. For example, the US federal law called The Secret Data
Assurance and Measurable Productivity Act (CIPSEA). Same as organizations have utilized different information de-ID
routines, for example, pseudonymization, and encryption and so on to remove/hide any data that recognizes people.
However these de-ID strategies have not been totally ready to secure the client's protection.
54
International Journal of Computer Application (2250-1797)
Volume 5– No. 4, June2015
If anyone wants to store the delicate or confidential data in the cloud, these are strongly encrypted before storing them
into the cloud. Encrypting the data wills safety measure for the privacy of your data. Especially important when you are
storing sensitive corporate data or personal information that should never fall into the wrong hands.
The limitations in PSL-CD architecture are restricted access and the single point of failure. These are avoided in the
proposed SecureDBaaS architecture. The SeureDBaaS architecture shown in figure.6 is same as proxy-less architectures
that store metadata in the cloud database. The proposed architectureavoids single point of failure by distributed cloud
database.SecuredBaaS architecture is used where the data is distributed over the cloud. The distribute cloud database will
allow the databases to truly support the flexible requirements of cloud computing applications. Databases have been
distributed in terms of instances running on servers that have access to a high-speed network for a while. It also increases
the availability of the data.
.Figure 6: System Architecture
A .Secure DBaaS:
A SecureDBaaS allow multiple and independent clients to connect directly to untrusted cloud. Assume an
organization obtain database as a service from untrusted cloud provider. A secure DBaaS manage database related
information, such as encrypted database and encrypted metadata. An encryption of database in cloud database prevents
the violation of confidentiality by untrusted cloud provider. SecureDBaaS stores a metadata in cloud. And allow
SecureDBaaS client to retrieve necessary metadata, which is required to extract data from cloud database. Assume that
data stored in cloud database is relational database. Encrypted data is stored through secure table in cloud database.
Encryption operation is done at SecureDBaas client.
B. Metadata Storage Table:
A SecureDBaaS generate a metadata which include all the information need to access the data from encrypted
database. SecureDbaaS stores metadata in metadata storage table that is placed in cloud database. This is flexible
approach but come with two issues efficiency of data access and confidentiality.
To provide efficiency of data access SecureDBaaS use two metadata.
55
International Journal of Computer Application (2250-1797)
Volume 5– No. 4, June2015
1. Database Metadata: This metadataassociated to entire database. This metadata has a only one instance for each database
in a cloud.
2. Table metadata: This is related with secure table. That is this metastable include all the information about encryption n
decryption of secure table.
Figure 7: Table Metadata Structure
Database and table metadata are encrypted by using the same encryption key before it has been stored at cloud database.
This encryption key is called a master key. Only trusted clients know this key. This master key only used to decrypt the
metadata and obtain information that is needed to encrypt and decrypt data at cloud database. Each client can retrieve
metadata by an associated ID. The ID is the primary key of the metadata storage table. By this mechanism each clients
are allowed to access metadata independently, which is an important feature in concurrent environments. In addition,
SecureDBaaS clients can use caching policies to reduce the bandwidth overhead.
C. Secure DBaaS Client: Let's expect that an association is an occupier of cloud gets and cloud database administration
from an untrusted DBaaS cloud administration supplier. The occupier then arranges one or more machines and
introduces a SecureDBaaS customer on each of them. This customer lets a client to interface with the cloud database to
get an administration, for example, to peruse and compose information, and even to make and adjust the its possessed
database. The data oversaw by SecureDBaaS customer incorporates plaintext information, encoded information,
metadata, and scrambled metadata. Plaintext information is the data about information put away and handle remotely in
cloud database. A protected DBaaS customer encoded the information before it has been put away in cloud remotely. It
deliver an arrangement of metadata that incorporate data needed to encode and decoded the information. After store of
information it will overhaul the metadata also in cloud metadata stockpiling table. It recovers the obliged metadata from
metadata stockpiling table to get to the cloud database.
IV.
CONCLUSION
With rapid growing technology of information, confidentiality of information is become more complex as more data is
being stored and exchanged. As the technology gets more refined organizations facing an extremely complex risk matrix
for guaranteeing confidentiality for sensitive personal information. As a result, security and confidentiality has fastemerged protection issue, if not citizen security issue, in the global information economy. Encryption provides
confidentiality for data stored in cloud; especially important when stored data is sensitive corporate data should not fall
into the wrong hands. The SecureDBaaS architecture assurances the data confidentiality for data saved into cloud
databases. A data which is stored on the cloud database are encrypted through cartographic algorithms and allows the
execution of SQL queries on encrypted database. This architecture is also providing multiple independent clients access
to data at cloud database. It does not trust on a trusted intermediate proxy that represents and also avoids the single point
of failure and a system bottleneck, which in turn increases the availability and scalability of cloud database services.
56
International Journal of Computer Application (2250-1797)
Volume 5– No. 4, June2015
REFERENCES
[1]. Abadi, Daniel J“Data Management in the Cloud: Limitations and Opportunities”, IEEE Data Engineering Bulletin,
Volume 32, March 2009.
[2] Broberg, RajkumarBuyya, ZahirTari, MetaCDN: Harnessing Storage Clouds or high performance content delivery,
Journal of Network and Computer Applications, 1012–1022, 2009.
[3]Damiani, E., De Capitani di Vimercati, S., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Metadata Management
in Outsourced Encrypted Databases. In: Jonker, W., Petkovi´c, M. (eds.) SDM 2005. LNCS, vol. 3674, pp. 16–32.
Springer, Heidelberg (2005)
[4]H. Hacigu¨mu¨ s¸, B. Iyer, C. Li, and S. Mehrotra, “Executing SQL over Encrypted Data in the Database-ServiceProvider Model,” Proc. ACM SIGMOD Int’l Conf. Management Data, June 2002.
[5] Popa, R.A., Redfield, C.M.S., Zeldovich, N., Balakrishnan, H.: CryptDB: protecting confidentiality with encrypted
query processing. In: Proceedings of the Twenty- Third ACM Symposium on Operating Systems Principles, SOSP 2011,
pp. 85–100. ACM, New York (2011)
[6] Luca Ferretti, Michele Colajanni, and MircoMarchetti: Distributed, Concurrent, and Independent Access to Encrypted
Cloud Databases. IEEE Transactions On Parallel And Distributed Systems, Vol. 25, No. 2, February 2014.
[7]
Oracle
corporation:
Oracle
advanced
security
(October
2012),
http://www.oracle.com/technetwork/
database/options/advanced-security
Acknowledgment:
I’m grateful to my guide Ms. Swathi C, Assistant Professor, Department of Computer Science & Engineering, LAEC
for being a constant guide and valuable suggestions and not only encouraging but helping me at every stage of my work.
57